CLAIMS 

What is claimed is: 



1 1 . A method, comprising the computer-implemented steps of: 

2 receiving trust information defining one or more trusted signatories; 

3 receiving configuration information comprising a hostname, one or more 

4 configuration directives for a host network element associated with the 

5 hostname, and one or more digital signatures of the hostname and 

6 configuration directives; 

7 attempting to verify the one or more digital signatures based on the trust information; 

8 applying the configuration directives to a network element only when the one or more 

9 digital signatures are verified successfully. 

1 2. A method as recited in Claim 1 , further comprising the steps of: 

2 verifying that the one or more digital signatures is valid and that one or more 

3 principals respectively associated with the digital signatures have collective 

4 authority to perform the directives on the host. 

1 3. A method as recited in Claim 1 , further comprising the steps of: 

2 receiving, in association with a particular configuration directive, security 

3 information defining a number of required signatures and required principals; 

4 applying the particular configuration directive only when the configuration 

5 information has the number of required signatures by the required principals. 

1 4. A method as recited in Claim 1, further comprising the steps of: 

2 receiving, in association with a particular configuration directive, security 

3 information defining a number of required signatures and required principals; 

4 applying the particular configuration directive only when the configuration 

5 information has the number of required signatures by the required principals 

6 and only upon successively validating all required signatures. 
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5. A method as recited in Claim 1, wherein the digital signatures use public key 
cryptography, and wherein public keys for the digital signatures are stored on the host. 



1 6. A method as recited in Claim 1 , wherein the digital signatures use public key 

2 cryptography, wherein public keys for the digital signatures are stored on a key server and 

3 retrieved from the key server as part of attempting to validate the digital signatures. 

17. A method as recited in Claim 1 , wherein the digital signatures use public key 

2 cryptography, and wherein public keys for the digital signatures received in a digital 

3 certificate and extracted from the digital certificate as part of attempting to validate the 

4 digital signatures. 

1 8. A method, comprising the computer-implemented steps of: 

2 receiving trust information defining one or more trusted signatories; 

3 receiving configuration control information that includes a time period during which 

4 a valid digital signature is required for applying one or more particular 

5 configuration directives; 

6 receiving configuration information comprising a hostname, one or more 

7 configuration directives for a host network element associated with the 

8 hostname, one or more digital signatures of the hostname and configuration 

9 directives, and a date-time value; 

10 determining if the date-time value is within the time period; 

1 1 determining if the one or more configuration directives have been previously received 

12 during the time period; and 

13 only when the date-time value is within the time period and the one or more 

14 configuration directives have not been previously received during the time 

15 period, attempting to verify the one or more digital signatures based on the 

16 trust information, and applying the configuration directives to a network 

17 element only when the one or more digital signatures are verified successfully. 
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1 9. A method as recited in Claim 8, wherein the step of determining if the one or more 

2 configuration directives have been previously received during the time period comprises the 

3 steps of: 

4 generating a secure hash of the one or more configuration directives; 

5 determining if the secure hash is found in memory. 

1 10. A method as recited in Claim 8, wherein the step of determining if the one or more 

2 configuration directives have been previously received during the time period comprises the 

3 steps of: 

4 generating a secure hash of the one or more configuration directives; 

5 determining if the secure hash is found in non- volatile memory. 

1 11. A method as recited in Claim 8, further comprising the step of storing the secure hash 

2 in non- volatile memory, in association with an expiration value, when the date-time value is 

3 within the time period and the one or more configuration directives have not been previously 

4 received during the time period. 

1 12. A method as recited in Claim 8, further comprising the steps of: 

2 verifying that the one or more digital signatures is valid and that one or more 

3 principals respectively associated with the digital signatures have collective 

4 authority to perform the directives on the host. 

1 13. A method as recited in Claim 8, further comprising the steps of: 

2 receiving, in association with a particular configuration directive, security 

3 information defining a number of required signatures and required principals; 

4 applying the particular configuration directive only when the configuration 

5 information has the number of required signatures by the required principals. 
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1 14. A method as recited in Claim 8, further comprising the steps of: 

2 receiving, in association with a particular configuration directive, security 

3 information defining a number of required signatures and required principals; 

4 applying the particular configuration directive only when the configuration 

5 information has the number of required signatures by the required principals 

6 and only upon successively validating all required signatures. 

1 15. A method as recited in Claim 8, wherein the digital signatures use public key 

2 cryptography, and wherein public keys for the digital signatures are stored on the host. 

1 16. A method as recited in Claim 8, wherein the digital signatures use public key 

2 cryptography, wherein public keys for the digital signatures are stored on a key server and 

3 retrieved from the key server as part of attempting to validate the digital signatures. 

1 17. A method as recited in Claim 8, wherein the digital signatures use public key 

2 cryptography, and wherein public keys for the digital signatures received in a digital 

3 certificate and extracted from the digital certificate as part of attempting to validate the 

4 digital signatures. 

1 18. A method for verifying configuration changes for network devices using digital 

2 signatures, comprising the computer-implemented steps of: 

3 receiving a public key for a user of the network devices; 

4 receiving configuration control information that includes a time period during which 

5 a valid digital signature is required for applying one or more particular 

6 configuration directives to a specified network device; 

7 receiving configuration information comprising a hostname, one or more 

8 configuration directives for the specified network device associated with the 

9 hostname, one or more digital signatures of the hostname and configuration 
10 directives, and a date-time value; 
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1 1 determining if the date-time value is within the time period; 

12 determining if the one or more configuration directives have been previously received 

1 3 during the time period, by generating a secure hash of the one or more 

14 configuration directives and determining if the secure hash is found in 

15 memory; and 

16 only when the date-time value is within the time period and the one or more 

1 7 configuration directives have not been previously received during the time 

1 8 period, performing the steps of: 

19 attempting to verify the one or more digital signatures based on generating a 

20 secure hash of the one or more configuration directives using the 

21 public key and comparing the secure hash to the one or more digital 

22 signatures, 

23 and applying the configuration directives to a network element only when the 

24 one or more digital signatures are verified successfully. 

1 19. A method as recited in any of Claims 1, 8, or 18, wherein the one or more digital 

2 signatures comprise a first digital signature of the one or more configuration directives by a 

3 first user, and a second digital signature by a second user, wherein the second digital 

4 signature is applied to a resultant of the first digital signature. 

1 20. A method as recited in any of Claims 1 , 8, or 1 8, wherein the one or more digital 

2 signatures comprise a first digital signature of a first portion of the one or more configuration 

3 directives by a first user, a second digital signature of a second portion of the one or more 

4 configuration directives by a second user, and a third digital signature by a third user, 

5 wherein the third digital signature is applied to a resultant of the first digital signature and the 

6 second digital signature. 
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1 21. A computer-readable medium carrying one or more sequences of instructions for 

2 verifying configuration changes for network devices using digital signatures, which 

3 instructions, when executed by one or more processors, cause the one or more processors to 

4 carry out the steps of: 

5 receiving trust information defining one or more trusted signatories; 

6 receiving configuration information comprising a hostname, one or more 

7 configuration directives for a host network element associated with the 

8 hostname, and one or more digital signatures of the hostname and 

9 configuration directives; 

10 attempting to verify the one or more digital signatures based on the trust information; 

1 1 applying the configuration directives to a network element only when the one or more 

12 digital signatures are verified successfully. 

1 22. A computer-readable medium as recited in Claim 21, further comprising instructions 

2 which, when executed by the one or more processors, cause the one or more processors to 

3 perform the steps of any of Claims 2, 3, 4, 5, 6, or 7. 

1 23. A computer-readable medium as recited in Claim 21, wherein the one or more digital 

2 signatures comprise a first digital signature of the one or more configuration directives by a 

3 first user, and a second digital signature by a second user, wherein the second digital 

4 signature is applied to a resultant of the first digital signature. 

1 24. A computer-readable medium as recited in Claim 21, wherein the one or more digital 

2 signatures comprise a first digital signature of a first portion of the one or more configuration 

3 directives by a first user, a second digital signature of a second portion of the one or more 

4 configuration directives by a second user, and a third digital signature by a third user, 

5 wherein the third digital signature is applied to a resultant of the first digital signature and the 

6 second digital signature. 
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1 25. An apparatus for verifying configuration changes for network devices using digital 

2 signatures, comprising: 

3 means for receiving trust information defining one or more trusted signatories; 

4 means for receiving configuration information comprising a hostname, one or more 

5 configuration directives for a host network element associated with the 

6 hostname, and one or more digital signatures of the hostname and 

7 configuration directives; 

8 means for attempting to verify the one or more digital signatures based on the trust 

9 information; 

10 means for applying the configuration directives to a network element only when the 

1 1 one or more digital signatures are verified successfully. 

1 26. An apparatus as recited in Claim 25, further comprising means for performing the 

2 steps of any of Claims 2, 3, 4, 5, 6, or 7. 

1 27. An apparatus as recited in Claim 25, wherein the one or more digital signatures 

2 comprise a first digital signature of the one or more configuration directives by a first user, 

3 and a second digital signature by a second user, wherein the second digital signature is 

4 applied to a resultant of the first digital signature. 

1 28. An apparatus as recited in Claim 25, wherein the one or more digital signatures 

2 comprise a first digital signature of a first portion of the one or more configuration directives 

3 by a first user, a second digital signature of a second portion of the one or more configuration 

4 directives by a second user, and a third digital signature by a third user, wherein the third 

5 digital signature is applied to a resultant of the first digital signature and the second digital 

6 signature. 
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1 29. An apparatus for verifying configuration changes for network devices using 

2 digital signatures, comprising: 

3 a network interface that is coupled to the data network for receiving one or more packet 

4 flows therefrom; 

5 a processor; 

6 one or more stored sequences of instructions which, when executed by the processor, cause 

7 the processor to carry out the steps of: 

8 receiving trust information defining one or more trusted signatories; 

9 receiving configuration information comprising a hostname, one or more 

10 configuration directives for a host network element associated with the 

1 1 hostname, and one or more digital signatures of the hostname and 

12 configuration directives; 

1 3 attempting to verify the one or more digital signatures based on the trust information; 

14 applying the configuration directives to a network element only when the one or more 

15 digital signatures are verified successfully. 

1 30. An apparatus as recited in Claim 29, further comprising instructions which, when 

2 executed by the one or more processors, cause the one or more processors to perform the 

3 steps of any of Claims 2, 3, 4, 5, 6, or 7. 

1 31. An apparatus as recited in Claim 29, wherein the one or more digital signatures 

2 comprise a first digital signature of the one or more configuration directives by a first user, 

3 and a second digital signature by a second user, wherein the second digital signature is 

4 applied to a resultant of the first digital signature. 



-35- 

50325-0864 (Seq. No. 8308) 



1 32. An apparatus as recited in Claim 29, wherein the one or more digital signatures 

2 comprise a first digital signature of a first portion of the one or more configuration directives 

3 by a first user, a second digital signature of a second portion of the one or more configuration 

4 directives by a second user, and a third digital signature by a third user, wherein the third 

5 digital signature is applied to a resultant of the first digital signature and the second digital 

6 signature. 
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